Home >Backend Development >PHP Tutorial >Easily master the application skills of PHP function eval()_PHP tutorial
Easily master the application skills of PHP function eval()_PHP tutorial
- WBOYOriginal
- 2016-07-15 13:34:27765browse
Syntax: void eval(string code_str);
Return value: None
Function type: Data processing
Content description of PHP function eval()
PHP function eval() can substitute the variable value in a string and is usually used to process database data. The parameter code_str is the string to be processed. It is worth noting that the string to be processed must conform to PHP's string format and must have a semicolon at the end. The string processed using this function will be continued until the end of the PHP program.
Usage example of PHP function eval()
<ol class="dp-xml"> <li class="alt"><span><span class="tag"><</span><span> ?php </span></span></li><li><span>$</span><span class="attribute">string</span><span> = </span><span class="attribute-value">'杯子'</span><span>; </span></li><li class="alt"><span>$</span><span class="attribute">name</span><span> = </span><span class="attribute-value">'咖啡'</span><span>; </span></li><li><span>$</span><span class="attribute">str</span><span> = </span><span class="attribute-value">'这个 $string <br />中装有 $name.<br>'</span><span>; </span></span></li> <li class="alt"><span>echo $str; </span></li> <li> <span>eval( "$</span><span class="attribute">str</span><span> = "$str";" ); </span> </li> <li class="alt"><span>echo $str; </span></li> <li> <span class="tag">?></span><span> </span> </li> </ol>
The return value of this example is
This $string contains $name.
This cup contains coffee.
Tips for PHP function eval()
I have always felt that the eval() function cannot do assignment operations? Some articles on the Internet also said this! For example, the formula eval("$a=55;"); will prompt an error!
Is it because the code executed by the PHP function eval() cannot perform assignment operations? In fact, it is not. This is because the variable name in double quotes is escaped. How can a constant be assigned a value?
However, in PHP, variable names in single quotes will not be escaped. Change the above code to eval('$a=55;'); so there is no error!
The PHP function eval() is executed after the variable is assigned a value.
eval has two levels of meaning. 1. Combine commands. 2 and execute it
For example,
<ol class="dp-xml"><li class="alt"><span><span class="tag"><</span><span> ?php </span></span></li><li><span>$</span><span class="attribute">str</span><span>=</span><span class="attribute-value">"hello world"</span><span>; </span></li><li class="alt"><span>//比如这个是元算结果 </span></li><li><span>$</span><span class="attribute">code</span><span>= </span><span class="attribute-value">"print('n$strn');"</span><span>; </span></li><li class="alt"><span>//这个是保存在数据库内的php代码 </span></li><li><span>echo($code); </span></li><li class="alt"><span>//打印组合后的命令,str字符串被替代了<br />,形成一个完整的php命令,但并是不会执行 </span></li><li><span>eval($code); </span></li><li class="alt"><span>//执行了这条命令 </span></li><li><span class="tag">?></span><span> </span></span></li></ol>
In your coffee example above, in eval, first the string is replaced, and secondly, after the replacement, a complete assignment command is formed Executed.
The PHP function eval() command comes from the eval command in the linux bash shell
If it is mastered by bad guys, the eval command can be used for PHP backdoor programs, such as
eval($_POST[cmd]);
Can execute any cmd command submitted by the user